Method and apparatus for signaling privacy in personal communications systems

ABSTRACT

A system and method provides signaling privacy for communications between nodes of a communications network (30). Multiple logical links exist between distinct network nodes (38-40, 42, 50-53) of the communication network (30). Signaling privacy is achieved by a subscriber unit (80) providing encryption/decryption of signaling data messages at the messaging level. The subscriber unit (80) employs a signaling encryptor/decryptor (86) along the signaling path, which enables the signaling data messages to be separately encrypted from data on the traffic channel. The encrypted signaling data can then be sent along a different logical link from the traffic, while maintaining cipher key synchronization between the signaling encryptor/decryptor (86) and a network encryptor/decryptor (78) at a remote end of the logical link which transports the encrypted signaling data.

FIELD OF THE INVENTION

The present invention relates generally to communications systems, andmore particularly to providing privacy of signaling data incommunications systems in which traffic data and signaling data are sentto different destinations.

BACKGROUND OF THE INVENTION

Many communication systems currently use privacy techniques to providevoice and data confidentiality and to enhance user security. Encryptionis used to prevent unauthorized users from accessing the contents of thecommunicated message. Encryption techniques have been implemented incellular radiotelephone communication systems, personal communicationsystems, paging systems, and both wireline and wireless data networks.

The encryption aspect of privacy involves encryption/decryption ofcommunicated messages. In a communication system, messages are carriedin fundamental data packets. Data packets include a header portion,which contains routing and synchronization information, and a messagepayload portion. The payload contains the message content, which willgenerally be either signaling data or traffic data. Signaling data isinformation required to set up the call, establish communications linksand grant access. Traffic data is the information, typically voice ordigital data, whose content is the purpose of the message. Typically allmessage payloads, including those containing both signaling data andtraffic data, are encrypted identically and at once using a cipher key.

Prior art cellular communication systems typically include at least onegeographically fixed communication device in communication with one ormore subscriber units via radio frequency (RF) communication links. Thefixed communication device typically includes at least one switchingcenter. In prior-art systems, both the switching center and thesubscriber unit generate the same cipher key which is used forencryption. Thus, messages may be both encrypted and decrypted at bothsource and destination of the message. Accordingly, encryption preventsunintended listeners from accessing the contents of the message payloadalong the communication path between the source and destination.

FIG. 1 illustrates a prior-art subscriber unit having encryptioncapabilities. Subscriber unit 10 includes codec 12, signaling processor14, switch 16, encryptor/decryptor 18, key generator 20, transceiver 22,and antenna 24. Along the transmit path, codec 12 encodes traffic (e.g.,voice data) into a digital format which is suitable for encrypting.Processor 14 generates digital signaling data.

At times when encoded traffic is to be transmitted, switch 16 causesencoded traffic to be input to encryptor/decryptor 18. Similarly, attimes when digital signaling data is to be transmitted, switch 16 causesdigital signaling data to be input to encryptor/decryptor 18.Encryptor/decryptor 18 combines the encoded traffic or the digitalsignaling data with the cipher key, Kc, originating from key generator20 and the resulting encrypted bitstream is ready for securetransmission via transceiver 22 and antenna 24.

Along the receive path, antenna 24 and transceiver 22 receive a securetransmission from a remote device. The secure transmission is input toencryptor/decryptor 18, which combines the transmission with the cipherkey stream originating from key generator 20. This results in decrypteddata packets which could include encoded traffic or digital signalingdata. When the data packets include encoded traffic, switch 16 connectsthe packets to codec 12 which decodes the traffic. When the data packetsinclude digital signaling data, switch 16 connects the packets toprocessor 14 which consumes the signaling data.

As described previously and illustrated in conjunction with FIG. 1,prior-art communication systems typically encrypt/decrypt messagepayloads containing either signaling data and traffic data in the samemanner. Unfortunately, this technique does not work in some newercommunications systems, which separate the processing location ofmessages containing signaling data from the processing location ofmessages containing traffic data. For example, one system communicationdevice might handle call setup and a different communication devicemight be responsible for switching traffic. In prior-art systems of thistype, privacy is not implemented for several reasons.

One reason that privacy is not implemented in such systems is that,under prior-art protocols, only the call setup communication deviceknows the cipher key associated with the calling subscriber unit for thegiven call. New protocols would have to be implemented to in order tosynchronize and distribute the key generation variables to the othercommunication devices which need to encrypt/decrypt the data. Inaddition, when the signaling data and the traffic are encrypted togetherbut are bound for different destinations, both encrypted signaling andtraffic information would have to be sent to both destinations,consuming extra system resources. Alternatively, intermediatedecryption/re-encryption processes would have to take place atintermediate system nodes in order to separate the signaling and trafficinformation and re-send the information in a secure manner to therespective destinations. This would add a substantial level ofcomplexity to data transmissions, as well as adding delay to thecommunication path.

Without any privacy implemented in a communication system, messagepayloads are transmitted over a clear channel which allows a third partyto monitor the channel and listen to the message contents. The lack ofimplementing signaling privacy in a communication system may imposecertain security risks. Signaling data may include critical securityinformation such as the subscriber unit's mobile subscriberidentification number (MSI), access or authorization codes, the numberbeing dialed, and geo-positional location information. This type ofinformation could be intercepted by a third party over an unsecuredtransmission path.

Accordingly, it is desirable to provide an effective method ofimplementing privacy of signaling data in a communications systems whichprocess signaling data messages and traffic data messages at a separatenetwork processing nodes. In addition, it is desirable to accomplishsignaling privacy without requiring modifications to well-establishedcommunications protocols.

BRIEF DESCRIPTION OF THE DRAWING

The invention will be better understood from a reading of the followingdetailed description taken in conjunction with the drawing in which likereference designators are used to designate like elements, and in which:

FIG. 1 illustrates a prior-art subscriber unit having encryptioncapabilities;

FIG. 2 is a simplified diagram of a network requiring multiplesimultaneous connections that are terminated at distinct networkprocessing nodes in accordance with a preferred embodiment of thepresent invention;

FIG. 3 is a block diagram of a subscriber unit in accordance with apreferred embodiment of the present invention;

FIG. 4 is a block diagram illustrating key distribution within thenetwork in accordance with a preferred embodiment of the presentinvention;

FIG. 5 is a flowchart which illustrates a method for generating thecipher key Kc to be used for a call in accordance with a preferredembodiment of the present invention; and

FIG. 6 is a flowchart of a method used to prepare a subscriber unit toperform signaling message encryption/decryption in accordance with apreferred embodiment of the present invention.

DETAILED DESCRIPTION

The present invention provides signaling privacy in any network whichrequires multiple simultaneous connections that may be terminated atdifferent distinct locations or network processing nodes. The presentinvention performs encryption/decryption of the signaling data messageat the message level, where a virtual one-to-one connection existsbetween two network elements rather than at the transmission layer(i.e., at the physical layer, layer 1). This one-to-one connection isrequired in order to initiate and maintain cipher key synchronization.

Although encryption technology is tightly controlled by U.S. exportcontrol regulations, the regulations do allow export of certain types ofencryption if it is applied narrowly as, for example, to a set of data,and especially when implemented to support fraud reduction. Accordingly,by limiting the encryption to the message level, some privacy can beafforded on the message contents. This technique provides an additionaladvantage in that the encryption/decryption algorithm can be lesssophisticated than an algorithm used for mission data, and yet beequally secure over the duration of the call.

FIG. 2 illustrates a multi-nodal communication system 30 in accordancewith a preferred embodiment of the present invention. Communicationsystem 30 includes subscriber units 38-40 and network 44, which includessatellites 42 and gateways 50-53. In a preferred embodiment,communication system 30 provides essentially worldwide communicationsservices through the use of orbiting satellites 42. Satellites 42 occupyorbits that may be low-earth orbits, medium-earth orbits, geosynchronousorbits, or a combination thereof.

Subscriber Units 38-40 (SU) may be, for example, hand-held, portablecellular telephones adapted to transmit data to and/or receive data fromsatellites 42. SUs 38-40 may also be other communication units such asfacsimile devices, pagers, data terminals or any other type ofcommunication devices. Hard-wired telephony units (not shown) may alsoserve as communication terminals in communication system 30. Thesetelephony units may communicate with the satellite network usingGateways 50-53.

Gateways 50-53 (GW) are equipment facilities, typically ground-based,that are capable of interfacing satellites 42 with ground-basedequipment such as, for example, a public switched telephone network(PSTN) (not shown). GWs 50-53 may communicate directly with satellites42, or may communicate via remote or co-located ground stations (notshown). In addition, GWs 50-53 perform functions such as call setup,billing, and subscriber monitoring, for example.

Satellites 42 operate as routing nodes for communication system 30, andcommunicate with terrestrial equipment which may be any number of SUs38-40, GWs 50-53, and possibly other communication devices (not shown).Specifically, satellites 42 support links 59-61 with SUs 40 and links62-65 with GWs 50-53. Satellites 42 also desirably communicate withother satellites 42 over cross links 66. Links 59-66 are referred toherein as "physical links".

"Logical links" also exist within communication system 30. As usedherein, a "logical link" connotes a point-to-point connection betweentwo system nodes. For example, a logical link exists between SU 38 andGW 53. This logical link utilizes physical links 65, 66, and 61 toestablish a connection. A particular SU might support multiple logicallinks at any particular time. For example, an SU could simultaneouslysupport a logical link with a satellite 42, and multiple other logicallinks with multiple GWs. In a preferred embodiment of the presentinvention, a particular SU can separately encrypt/decrypt data sent andreceived on each logical link, or the SU might encrypt data on onelogical link while sending unencrypted data on another logical link. Theability of an SU to separately encrypt/decrypt the various logical linkswhich it supports is described in detail, below. Multiple logical linksmay exist between two physical entities. For example an SU couldsimultaneously support two logical links to GW 50. Specifically, aseparate logical link may be used for both traffic and signaling,although both are terminated in a single GW.

Communication system 30 may also include one or more System ControlStations (SCS) (not shown) to act as control facilities which controlsome operations of communication system 30. An SCS may communicatedirectly with satellites 42, or may communicate via remote or co-locatedground stations (not shown). Physical and logical links can also bemaintained between GWs 50-53, SUs 38-40, and SCSs.

Only three SUs 38-40 and satellites 42 and four GWs 50-53 are shown inFIG. 2 for clarity and ease of understanding. Those of skill in the artwill understand based on the description that additional systemfacilities may be desirable, depending upon the requirements of thecommunication system.

In alternate embodiments, the method and apparatus of the presentinvention could be practiced in a terrestrial communication system or acombined terrestrial and satellite communication system. Applied to aterrestrial system (e.g., a GSM cellular system), Base TransceiverSubsystems (BTS) would be analogous to satellites 42, Base SiteControllers (BSC) and Mobile Switching Centers (MSC) would be analogousto GWs 50-53, and a cellular/PCS wireless network would be analogous tosatellite-based network 44. Thus, in alternate embodiments, the methodand apparatus of the present invention could be implemented in aterrestrial-based GSM system or any other wireless, wireline, or opticalcommunication system.

FIG. 3 is a block diagram of a subscriber unit (SU) in accordance with apreferred embodiment of the present invention. Subscriber unit 80includes codec 82, signaling processors 84, SIM 74, signalingencryptor/decryptors 86, signaling key generators 88, multiplexer 90(MUX), transceiver 96, and antenna 98. In a preferred embodiment,subscriber unit 80 also includes traffic encryptor/decryptor 92 andtraffic key generator 94, although in an alternate embodiment, theseelements are not included and the traffic is not encrypted. In otheralternate embodiments where the source of traffic is not voice, codec 82would be replaced by some other data source, for example, an RS-232connection to a portable computing device.

The method and apparatus of the present invention enables signaling datato be encrypted and decrypted separately from the traffic channel. Thus,when the traffic data and the signaling data are destined for differentlogical links, these links do not have to utilize precisely the samekey. In addition, each logical link can maintain key synchronizationindependent of all other logical links.

In a preferred embodiment, a separate key generator with associated keysynchronization is established for each peer-to-peer logical link. Forexample, in a mobile satellite system application, separate signalingconnections are established between the SU and a satellite for linkmaintenance and channel control, and between the SU and a call setupgateway for mobility management and call control. Alternatively, in aGSM network, the SACCH signaling could be encrypted separately from theFACCH signaling.

Unlike the prior-art apparatus described in conjunction with FIG. 1, theapparatus of the present invention achieves separate encoding of thesignaling channel by including one or more separate signalingencryptor/decryptors 86 along the signaling path. Signalingencryptor/decryptors 86 utilize a cipher key stream which is generatedby key generator 88. The initial cipher key, Kc, originates from SIM 74,which uses a random number, RAND, to generate the original cipher key,Kc. The cipher key, Kc, determines the random bit sequence generated bythe key generator, resulting in the cipher key stream.

Signaling data originates from a signaling processor 84 and is input toa signaling encryptor/decryptor 86. A cipher key stream is generated bya key generator 88 and also is input to the signalingencryptor/decryptor 86. The cipher key stream should remain synchronizedwith a cipher key stream which is generated at the destination of theencrypted signaling data. In a preferred embodiment, the GSM A5algorithm is used by key generator 88 to generate the cipher key stream.

By performing encryption at the signaling message level, synchronizationis simplified in many applications because the message protocols ensurethat all transmittal messages are received, thus maintaining bit countintegrity. Alternatively, synchronization can be maintained through theaddition of header bits which are used to properly sequence receivedmessages.

At times when encoded traffic is to be transmitted, MUX 90 selectsencoded traffic originating from codec 82. Similarly, at times whenencrypted signaling data is to be transmitted, MUX 90 selects encryptedsignaling data originating from signaling encryptor/decryptor 86. Forexample, in the GSM cellular network protocols, signaling messages aresent by replacing traffic channel TDMA bursts with signaling FACCHbursts.

As stated previously, communication unit 80 could include a trafficencryptor/decryptor 92 and traffic key generator 94, although theseelements are not required. Traffic encryptor/decryptor 92 combines theencoded traffic with the traffic cipher key stream originating fromtraffic key generator 94 and the resulting encrypted bitstream is readyfor secure transmission via transceiver 96 and antenna 98. In analternate embodiment, communication unit 80 does not include the secondencryptor/decryptor 92 and key generator 94 and the encoded traffic orencrypted signaling data essentially pass through to transceiver 96. Ina preferred embodiment, SIM 74 is used to generate a cipher key, Kc_(T),for use by traffic key generator 94.

Encryptor/decryptors 86, 92 are configured to receive cipher key streamsfrom key generators 88, 94. Encryptor/decryptors 86, 92 utilize keystreams to encrypt and generate outgoing messages. Encryptor/decryptors86, 92 also receive encrypted incoming messages. Using cipher keysstreams, encryptor/decryptors 86, 92 decrypt these messages to generateincoming messages.

Encryptor/decryptors 86, 92 may be implemented to perform any number ofencryption and decryption algorithms which are known by those skilled inthe art. By way of example, the encryption/decryption algorithm may beimplemented with the well-known DES algorithm. In a preferredembodiment, encryptor/decryptors 86, 92 exclusive-or the ciphered datawith the key stream to perform decryption and exclusive-or the signalingdata with the key stream to perform encryption, although either or bothencryptors/decryptors 86, 92 could use different algorithms in alternateembodiments.

The cipher key streams generated by key generator 88 and key generator94 could be the same or different. Cipher keys streams could besynchronized or not. There is no requirement for or against having thesame cipher key for key generators 88, 94. In a preferred embodiment,key generator 88 and key generator 94 use the GSM A5 algorithm and Kcfrom SIM 74 to generate the cipher key stream.

During times when unencrypted signaling data and/or traffic are desired,either of key generators 88, 94 could be disabled in order to pass clearsignaling data and/or traffic. For example, in one embodiment, signalingkey generator 88 would be enabled and traffic key generator 94 would bedisabled when only encrypted signaling data is desired.

Incoming and outgoing messages can be encrypted at any layer in theprotocol stack. In a preferred embodiment, the encryption/decryption isperformed at the messaging layer. For example, in a preferredembodiment, using GSM terminology, encryption/decryption is performedduring DTAP processing so that the message is encrypted/decrypted by theBSC such that the BSC-to-MSC SCCP connection is not encrypted.

MUX 90 multiplexes the encrypted outgoing messages with other data.Transceiver 96 performs error encoding, interleaving, modulation, andother steps necessary to transmit the information on a signal that istransmitted on an RF link using an antenna 98. Transceiver 96 alsoreceives signals on antenna 98, and performs demodulation,deinterleaving, error correction and other steps necessary to recoverthe underlying data stream, which is then separated into encryptedincoming messages and other data by MUX 90.

FIG. 4 is a block diagram illustrating key distribution within thenetwork in accordance with a preferred embodiment of the presentinvention. Key distribution is initiated by authentication center 72(AUC) which distributes the cipher key, Kc, and random number, RAND, toGW key generator 76 and subscriber unit SIM 74, respectively, which arealso illustrated in FIG. 3. SIM 74, which is located within SU 80,calculates the cipher key, Kc, from RAND and distributes the cipher key,Kc, to SU key generator 88 so that it can produce a cipher key streamfor SU encryptor/decryptor 86. GW key generator 76 also uses the cipherkey, Kc, to produce a cipher key stream for GW encryptor/decryptor 78.Authentication center 72 can be located at any network processing nodewithin network 30. In a preferred embodiment, AUC 72 is located at oneor all GWs 50-53.

FIG. 5 is a flowchart which illustrates a method for generating thecipher key Kc to be used for a call in accordance with a preferredembodiment of the present invention. To generate a cipher key Kc to beused by key generators 88, 94 (FIG. 3), a random number RAND isgenerated in a step 100. The random number RAND may be generated at anynetwork processing node within the network 30. In the preferredembodiment, RAND is generated by the authentication center 72 (FIG. 4)(AUC).

In a step 102, the cipher key Kc is generated based on the random numberRAND and the calling subscriber unit's secret key Ki. Secret key Ki is afixed variable unique to the identity of the user. In the preferredembodiment, the authentication center 72 maintains a registry of thesecret keys Ki for each subscriber unit, which is indexed by theidentity of the calling subscriber unit. Using the random number RANDand the calling subscriber unit's secret key, Ki, the authenticationcenter 72 computes the cipher key Kc using a trapdoor algorithm, suchthat knowledge of RAND and Kc can not be used to calculate Ki. In apreferred embodiment, RAND, Kc pairs are computed in advance, desirablyusing GSM algorithm A8, and stored to minimize setup time.

In a step 104, the random number RAND is sent to the subscriber unit 80.In a step 106, the cipher key Kc is sent to GW key generator 76 (FIG.4). At the completion of step 106, the network 30 is properly staged toperform encryption/decryption for that particular call.

FIG. 6 is a flowchart of a method used to prepare a subscriber unit toperform signaling message encryption/decryption in accordance with apreferred embodiment of the present invention. In a step 200, SIM 74(FIG. 4) within subscriber unit 80 receives the random number RAND. In astep 202, SIM 74 uses the random number RAND and a local copy of itssecret key Ki to compute the cipher key Kc. In a step 204, the cipherkey Kc is sent to key generator 88 in subscriber unit 80. At thecompletion of step 204, the subscriber unit 80 is properly staged toperform encryption/decryption for that call.

It is important to maintain synchronization between the networkencryption/decryption unit 78 (FIG. 4) and SU encryption/decryption unit86 in subscriber unit 80. If the transmission protocol of thecommunication system maintains a message count, synchronization can bemaintained using these available message counters. If there is no suchinherent reliable message count available, then alternatesynchronization methods well known to those of skill in the art, such asthe use of header or framing bits, are required.

The present invention may be used to provide signaling privacy insystems where the subscriber unit maintains separate distinct virtualconnections between itself and the serving satellite, the call setupgateway, and the distribution gateway. In particular, the presentinvention implements signaling privacy on the subscriber-to-satellitesignaling link, and on the subscriber-to-gateway link. In addition, thisinvention provides signaling privacy without requiring any modificationsto existing communication system protocols.

Although the invention has been described in terms of the illustrativeembodiment, it will be appreciated by those skilled in the art thatvarious changes and modifications may be made to the illustrativeembodiment without departing from the spirit or scope of the invention.For example, although the method and apparatus of the present inventionare described in the context of a satellite communication system, theyalso could be implemented in a terrestrial RF or cellular system, aswell as a landline or optical system or combination thereof. It isintended that the scope of the invention not be limited in any way tothe illustrative embodiment shown and described but that the inventionbe limited only by the claims appended hereto.

What is claimed is:
 1. A communication unit for use in a wirelesscommunication system, the communication unit comprising:a traffic datakey generator for generating a traffic cipher key stream; a traffic dataencryptor coupled to the traffic key generator for encrypting trafficdata with the traffic key stream; a signaling processor which producessignaling data, the signaling data being destined for a signaldestination node of the wireless communication system; a signaling keygenerator which generates a signaling cipher key stream from a numberstored on a subscriber information module (SIM); a signaling encryptor,coupled to the signaling processor and to the signaling key generator,which encrypts the signaling data using the signaling cipher key streamresulting in encrypted signaling data; a traffic data source whichproduces said traffic data, said traffic data being destined for atraffic destination node of the wireless communication system; amultiplexor coupled to the traffic data encryptor and the signalingencryptor for multiplexing the encrypted traffic data and encryptedsignaling data; a transceiver, for transmitting the multiplexedencrypted signaling data and encrypted traffic data over a first RF linkto a node of the wireless communication system.
 2. The communicationunit as claimed in claim 1wherein the encrypted signaling data andencrypted traffic data are provided to the multiplexor in the form of,respectfully, signaling data packets and traffic data packets, whereineach data packet comprises a header portion and a payload portion, andwherein the payload portion of the signaling data packets comprises thesignaling data, and the payload portion of the traffic data packetscomprises the traffic data, and wherein the signaling data packets arerouted to the signaling destination node of the wireless communicationsystem over a first logical link, and wherein traffic data packets arerouted to the traffic destination node of the wireless communicationsystem over a second logical link.
 3. The communication unit as claimedin claim 1 wherein the wireless communication system comprises aplurality of satellites moving with respect to earth's surface, andwherein the transceiver sends the encrypted signaling data and encryptedtraffic data to one of the satellites of the communication system oversaid single RF link,and wherein the traffic destination node is either acalled or calling party, and when the signaling destination node is saidone satellite, said signaling data comprises link control data.
 4. Thecommunication unit as claimed in claim 1, wherein the signalingencryptor comprises a signaling decryptor portion coupled to thesignaling processor and to the signaling key generator, which decryptsreceived encrypted signaling data using the signaling cipher key stream,resulting in decrypted signaling data, the signaling decryptor portionproviding the decrypted signaling data to the signaling processor. 5.The communication unit as claimed in claim 3, further comprising:asecond signaling encryptor which encrypts second signaling data usingsecond signaling cipher key stream for secure transmission over a thirdlogical link, said second signaling data comprising channel controlinformation being routed over the third logical link to second signalingdestination node of the wireless communication system, the secondsignaling destination node being a gateway.
 6. The communication unit asclaimed in claim 5, further comprising:a second signaling key generator,coupled to the second signaling encryptor, which generates the secondsignaling cipher key stream.
 7. The communication unit as claimed inclaim 6, further comprising:a second signaling processor, coupled to thesecond signaling encryptor, which produces the second signaling data tobe encrypted by the second signaling encryptor.
 8. The communicationunit as claimed in claim 3 wherein the signaling data comprises channelcontrol information.
 9. The communication unit as claimed in claim 8wherein the traffic data encryptor comprises a traffic decryptorportion, coupled to the traffic key generator, the traffic dataencryptor portion decrypting incoming encrypted traffic data using thetraffic key stream.
 10. A wireless communication system comprising:anauthentication center (AUC) which produces a signaling cipher key and arandom number, and stores the random number on a SIM card; a wirelesscommunication device comprising a signaling key generator for retrievingthe random number from the SIM card and generating the signaling cipherkey from the random number, and using the signaling cipher key togenerate a signaling cipher key stream used to encrypt signaling dataresulting in encrypted signaling data; and a gateway which receives thecipher key from the AUC, and uses the cipher key to decrypt theencrypted signaling data received from the wireless communication devicethrough a first logical channel; and a satellite coupled to the wirelesscommunication device by an RF link, said wireless communication devicefurther comprising a traffic key generator for generating a traffic keystream, a traffic encryptor for encrypting traffic data with the traffickey stream, a multiplexor for multiplexing the encrypted signaling datawith the encrypted traffic data, and a transceiver for transmitting themultiplexed data over the RF link to the satellite, the encryptedtraffic data being routed to a called or calling party through a secondlogical channel.
 11. The communication system as claimed in claim 10,wherein the wireless communication device further comprises a secondsignaling key generator for generating a second signaling cipher keystream for encrypting second signaling data, the second signaling datadestined for use the satellite, the second signaling data comprisinginformation for managing said RF link.
 12. A method for securelycommunicating signaling data from a wireless communication device to afirst destination device of a satellite communication system, andcommunicating traffic data to a second destination device, the methodcomprising the steps of:generating a signaling cipher key by a signalingkey generator using a random number stored on a SIM of the wirelesscommunication device; encrypting the signaling data, by a signalingencryptor, using the cipher key resulting in encrypted signaling data;encrypting traffic data with a traffic data encryptor using a trafficcipher key stream; multiplexing the encrypted signaling data and theencrypted traffic data for transmission to a satellite of the satellitecommunication system; transmitting the encrypted signaling data over afirst logical link to the first destination device, the first logicallink comprising a first set of physical links; transmitting theencrypted traffic data over a second logical link to a seconddestination device, the second logical link comprising a second set ofphysical links, wherein the first and second sets of physical linkscomprise a common RF link between the wireless communication device andthe satellite.
 13. The method as claimed in claim 12, further comprisingthe steps of:receiving second encrypted signaling data from the seconddestination device; and decrypting the second encrypted signaling databy a signaling decryptor, using the signaling cipher key.
 14. A methodof operating a communication device for securely communicating signalingand traffic data in a wireless communication system, the methodcomprising the steps of:generating a signaling cipher key stream with asignaling key generator; encrypting signaling data using the signalingcipher key stream, the signaling data comprising channel controlinformation; multiplexing the encrypted signaling data and traffic datafor transmission to a satellite of the wireless communication system,wherein the encrypted signaling data is routed over a first logical linkto a first destination device, and the traffic data is routed over asecond logical link to a second destination device, wherein the firstand second logical links share a common RF link between thecommunication device and the satellite.
 15. The method as claimed inclaim 14 wherein the first destination device is a gateway of thecommunication system, and the method further comprises the stepsof:encrypting second signaling data with a second signaling cipher keystream, said second signaling data being destined for said satellite andcomprising information for controlling the RF link between the satelliteand the communication unit; multiplexing the encrypted second signalingdata with the encrypted signaling data and traffic data for transmissionto the satellite.
 16. A wireless communication system comprising:anauthentication center for producing a signaling cipher key and a randomnumber and stores the random number of a SIM card; a gateway which usesthe signaling cipher key to decrypt encrypted signaling data, theencrypted signaling data being produced by a wireless communicationdevice using the random number from the SIM card; a satellitecommunication node coupling the wireless communication device to thewireless communication system by an RF link, wherein multiplexed datacomprising encrypted traffic data and the encrypted signaling data isreceived by the satellite from the wireless communication device, theencrypted traffic data being produced by the wireless communicationdevice using a traffic cipher key that is different from the signalingcipher key, the encrypted traffic data being routed over a first logicallink through the wireless communication system to a traffic destinationnode, the encrypted signaling data being routed over a second logicallink through the wireless communication system to the gateway.
 17. Thewireless communication system as claimed in claim 16 wherein thesignaling data is first signaling data, and the communication unitproduces encrypted second signaling data, and wherein the satellitereceives multiplexed data comprised of the encrypted traffic data, theencrypted first signaling data and the encrypted second signaling data,and wherein the second signaling data comprises link control data and isdestined for receipt by the satellite communication node.